S&P 500 Company Handing $40,000,000 To Victims of Massive Data Breach in Class Action Settlement

A drug wholesale and distribution company listed on the S&P 500 is preparing to distribute tens of millions of dollars to victims of a data breach in a class action settlement.

According to the settlement administrator’s portal, Pennsylvania-based Cencora and its subsidiary, The Lash Group, will hand out a total of $40 million following a February 2024 cyberattack that exposed sensitive data from the firm’s systems.

The settlement covers all US residents whose personal information was compromised in the breach, including those who received notifications and those identified through an “Inquiry Notice” between September 1st, 2023, and August 5th, 2025.

Under the terms of the settlement, victims may claim up to $5,000 in reimbursement for documented losses related to the breach, with a $5 million total cap. Meanwhile, others may opt for a cash payment without documentation, the amount of which will depend on the total number of claims and remaining settlement funds.

The company disclosed the incident in a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC), confirming that “data from its information systems had been improperly accessed by unknown parties.”

An internal investigation revealed that a wide range of personal and sensitive data had been stolen.

“Personal Information may include names, addresses, dates of birth, Social Security Numbers, health and insurance information, financial information (including financial account information, compensation information, and payment information), transactional information of any sort, consumer profile information, racial or ethnic identity, political opinions, sexual orientation or identity, criminal history, IP addresses or other electronic identifiers, fingerprint or other biometric information, genetic information, trade union membership, and driver’s license and passport information.”

Class members have until January 19th, 2026, to submit claims and December 18th, 2025, to opt out or object. A final approval hearing is slated for February 5th, 2026.